cipher_suite.h

/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */
 
#ifndef CIPHER_SUITE_H
#define CIPHER_SUITE_H
 
#include <stdint.h>
#include <stdbool.h>
#include "hitls_build.h"
#include "hitls_config.h"
#include "hitls_crypt_type.h"
#include "hitls_cert_type.h"
#include "hitls_type.h"
 
#ifdef __cplusplus
extern "C" {
#endif
 
#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00ffu   /* renegotiation cipher suite */
 
#define TLS_FALLBACK_SCSV 0x5600u   /* downgraded protocol cipher suite */
 
/* cert request Type of the certificate requested */
typedef enum {
    /* rfc5246 7.4.4 */
    CERT_TYPE_RSA_SIGN = 1,
    CERT_TYPE_DSS_SIGN = 2,
    CERT_TYPE_RSA_FIXED_DH = 3,
    CERT_TYPE_DSS_FIXED_DH = 4,
    /* rfc8422 5.5 */
    CERT_TYPE_ECDSA_SIGN = 64,
    CERT_TYPE_UNKNOWN = 255
} CERT_Type;

typedef struct TlsCipherSuiteInfo {
    bool enable;                        
    const char *name;                   
    const char *stdName;                
    uint16_t cipherSuite;               
 
    /* algorithm type */
    HITLS_CipherAlgo cipherAlg;         
    HITLS_KeyExchAlgo kxAlg;            
    HITLS_AuthAlgo authAlg;             
    HITLS_MacAlgo macAlg;               
    HITLS_HashAlgo hashAlg;             

    HITLS_SignHashAlgo signScheme;
 
    /* key length */
    uint8_t fixedIvLength;     
    uint8_t encKeyLen;         
    uint8_t macKeyLen;         
 
    /* result length */
    uint8_t blockLength;      
    uint8_t recordIvLength;   
    uint8_t macLen;           
 
    uint16_t minVersion;         
    uint16_t maxVersion;         
    uint16_t minDtlsVersion;     
    uint16_t maxDtlsVersion;     
    HITLS_CipherType cipherType; 
    int32_t strengthBits;        
} CipherSuiteInfo;

typedef struct {
    HITLS_SignHashAlgo scheme;      
    HITLS_SignAlgo signAlg;         
    HITLS_HashAlgo hashAlg;         
} SignSchemeInfo;
 
typedef struct {
    HITLS_SignHashAlgo scheme;      
    HITLS_NamedGroup cureName;      
} EcdsaCurveInfo;

typedef struct {
    uint16_t cipherSuite;      
    CERT_Type certType;        
} CipherSuiteCertType;

int32_t CFG_GetCipherSuiteInfo(uint16_t cipherSuite, CipherSuiteInfo *cipherInfo);

bool CFG_CheckCipherSuiteSupported(uint16_t cipherSuite);

bool CFG_CheckCipherSuiteVersion(uint16_t cipherSuite, uint16_t minVersion, uint16_t maxVersion);

bool CFG_GetSignParamBySchemes(const HITLS_Ctx *ctx, HITLS_SignHashAlgo scheme, HITLS_SignAlgo *signAlg,
    HITLS_HashAlgo *hashAlg);

uint8_t CFG_GetCertTypeByCipherSuite(uint16_t cipherSuite);

HITLS_NamedGroup CFG_GetEcdsaCurveNameBySchemes(const HITLS_Ctx *ctx, HITLS_SignHashAlgo scheme);
 
#define IS_SM_TLS13(cipherSuite) (((cipherSuite) == HITLS_SM4_GCM_SM3) || ((cipherSuite) == HITLS_SM4_CCM_SM3))
 
#ifdef __cplusplus
}
#endif
 
#endif // CIPHER_SUITE_H